
GarrettCom Ethernet Networks and Web Management User Manual


TLS – Transport Layer Security

TLS is a successor to SSL, using a wider variety of cryptographic algorithms for access security. It is standardized by the Internet Engineering Task Force (IETF). It is a protocol that provides secure communication over a TCP/IP connection such as the Internet. It uses digital certificates for authentication and digital signatures to ensure message integrity, and can use public key cryptography to ensure data privacy. A TLS service negotiates a secure session between two communicating endpoints. TLS is built into recent versions of all major browsers and web servers. Although the TLS and SSL protocols are not interoperable, TLS secure transport can back down to SSL 3.0 if a TLS session cannot be negotiated.

MAC Addressing

Another aspect of network security can be used to block computers from accessing the network by requiring the port to validate the Media Access Control (MAC) address against a known list of approved MAC addresses. If there is insecure access on a secondary device connected to a switch, this level of control allows authorized users to continue to access the network while unauthorized packets are dropped.
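The per-port check described above, as an added example that is not GarrettCom code and not taken from the manual: an allow-list of approved MAC addresses is normalized once, then each incoming frame's source address is validated against it and the frame is either forwarded or dropped with a reason. The allow-list entries, the frame records and the sample frames are constructed for this illustration; the example goes slightly beyond the text by accepting the several notations administrators commonly type (colon, dash, Cisco dotted) and by treating a malformed source address as a drop rather than a guess.

```python
import re

# Constructed allow-list for one switch port. Entries are in the mixed
# notations an administrator might type; all are normalized before use.
APPROVED_MACS = {"00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"}

# Accepted notations: colon- or dash-separated pairs (one separator style
# per address), Cisco dotted quads, or 12 bare hex digits. Anything else
# is rejected rather than guessed at.
_MAC_FORMS = (
    re.compile(r"^[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$"),
    re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$"),
    re.compile(r"^[0-9a-f]{12}$"),
)


def normalize_mac(mac: str) -> str:
    """Return the address as 12 lowercase hex digits, or raise ValueError."""
    text = mac.strip().lower()
    if not any(form.match(text) for form in _MAC_FORMS):
        raise ValueError(f"not a MAC address: {mac!r}")
    return re.sub(r"[:.\-]", "", text)


def build_allow_list(entries):
    """Normalize every configured entry so lookups are notation-independent."""
    return {normalize_mac(entry) for entry in entries}


def filter_frames(frames, allow_list):
    """Split frames into (forwarded, dropped); dropped items carry a reason.

    A frame is a dict with 'src', 'dst' and 'payload' keys (constructed
    format for this example, not a real Ethernet frame parser)."""
    forwarded, dropped = [], []
    for frame in frames:
        try:
            src = normalize_mac(frame["src"])
        except ValueError:
            dropped.append((frame, "malformed source MAC"))
            continue
        if src in allow_list:
            forwarded.append(frame)
        else:
            dropped.append((frame, "source MAC not approved"))
    return forwarded, dropped


# Constructed sample frames: three from approved devices in different
# notations, one from an unknown device, and one with a truncated address.
SAMPLE_FRAMES = [
    {"src": "00:1a:2b:3c:4d:5e", "dst": "ff:ff:ff:ff:ff:ff", "payload": b"arp who-has"},
    {"src": "00-1A-2B-3C-4D-5F", "dst": "00:1a:2b:3c:4d:5e", "payload": b"modbus read"},
    {"src": "001A.2B3C.4D60", "dst": "00:1a:2b:3c:4d:5e", "payload": b"modbus write"},
    {"src": "de:ad:be:ef:00:01", "dst": "ff:ff:ff:ff:ff:ff", "payload": b"arp who-has"},
    {"src": "00:1a:2b:3c:4d", "dst": "ff:ff:ff:ff:ff:ff", "payload": b""},
]


def run_demo():
    """Filter the sample frames; returns (forwarded count, dropped count)."""
    allow = build_allow_list(APPROVED_MACS)
    forwarded, dropped = filter_frames(SAMPLE_FRAMES, allow)
    return len(forwarded), len(dropped)


if __name__ == "__main__":
    allow = build_allow_list(APPROVED_MACS)
    forwarded, dropped = filter_frames(SAMPLE_FRAMES, allow)
    print(f"forwarded {len(forwarded)}, dropped {len(dropped)}")
    for frame, reason in dropped:
        print(f"  dropped {frame['src']!r}: {reason}")
```

Running the script forwards the three frames from approved devices and drops the other two, printing the reason for each drop; keeping the reason with the dropped frame is what makes the port's decisions auditable when an unexpected device appears on a secondary link.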

Remote Security

The farther afield the users who need to access an industrial network are, the more critical it is that the network design provide system-wide protection. Standards such as Remote Authentication Dial In User Service (RADIUS 802.1x) and Terminal Access Controller Access Control System (TACACS+) make user identity secure. For additional data security, Secure Shell (SSH) extends total system security by shielding traffic running through the switch. Switch manufacturers assist in the support of data security using these standards, but the implementation requires broader compliance than that available at the individual switch.